cloudstack-dev mailing list archives

From Joshua <joshua...@gmail.com>
Subject Advanced Networking with CloudStack
Date Sat, 09 Nov 2013 10:10:31 GMT
Hello guys,

I have a special client request that I'm not quite certain of the most secure
way to fulfil.

Client wants to host a virtual office environment of Windows VMs on the
cloud but needs the VMs to be connected to an onsite print/scan/fax. Access
to all VMs must be available at this same onsite office via thin clients but
some VMs must also be able to be RDPed in from a remote location.

My first instinct would be to install a virtual router with a single static
IP (maybe 2) but I'm not sure if there will be any negative implications of
such a setup. Onsite, there would be a VPN-compatible router that would
talk to the virtual router to establish the VPN so that the onsite
thin clients can connect to the VMs via RDP to their internal IPs. Since the
printer is plugged into the same VPN router, this would allow all VMs to connect
to the printer directly.

Regarding the issue about external RDP, the virtual router would forward
specific ports to specific computers. Targets will be identified via the
port being connected to - i.e. x.x.x.x:11111 redirects to VM1:3389, 22222
to VM2:3389 etc. I understand that I can modify the listen port on RDP but
these VMs will be created from template so a common port would be the least
troublesome.

Alternatively, the virtual router could authenticate the redirections via
MAC address but I think this would be an administrative nightmare.

So after reading my wall of text, my questions would be:

1. Any VPN routers that work well with CloudStack?

2. Can someone point me to some links on how to set up the virtual router
based on the above requirements?

3. Do advise if not having a particular static IP for the VPN router (means
the virtual router would have to listen to traffic from all global traffic)
would be opening a can of worms.

Thank you in advance.

Regards,
Joshua
